[WEB SECURITY] RE: Defeating nonce/token based CSRF protection

Jeroen van Dongen jeroen at jkwadraat.net
Fri Apr 18 14:28:42 EDT 2008

Thanks all for the answers -

Mike Duncan summarised it nicely I guess:
"...and we are answering: Yes, this is possible but security in depth is
the best defense against this."

Thanks again,

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

More information about the websecurity mailing list